Аутентификация моего приложения основана на Devise. Моему клиенту теперь требуется больше безопасности при управлении паролями и регистрационными электронными письмами, поэтому я установил гем devise-security. Как рекомендовано в разделе вики о проверке электронной почты, я также добавил гем email_address.
Вот Gemfile:
# Authentication and authorisation gems.
# NOTE(review): only cancancan carries a version constraint here; the versions of the
# authentication gems are whatever Gemfile.lock (not shown) resolves to.
gem "devise"
gem "devise-security"
# Used in the User model through validates_with EmailAddress::ActiveRecordValidator.
# NOTE(review): the boot error quoted at the end of the page asks for a class named
# EmailValidator, which this gem does not appear to define. Check the e-mail validation
# section of the devise-security README for the gem that version expects.
gem "email_address"
gem "cancancan", "~> 3.0"
Модель пользователя содержит:
# User model (excerpt as posted; the rest of the class body is not shown).
class User < ApplicationRecord
extend CsvHelper
# Validates :email with the validator class from the email_address gem.
# NOTE(review): with :secure_validatable enabled below and config.email_validation = true,
# devise-security presumably adds its own e-mail validation too. Confirm both are wanted.
validates_with EmailAddress::ActiveRecordValidator, field: :email
# Virtual attribute for authenticating by either username or email
# This is in addition to a real persisted field like 'username'
attr_accessor :login
# Devise modules enabled for this model. :secure_validatable and :password_archivable
# are provided by devise-security; the others are standard Devise modules.
# Not enabled here: :timeoutable and :omniauthable.
devise :database_authenticatable, :registerable, :recoverable, :rememberable,
:trackable, :secure_validatable, :confirmable, :lockable, :password_archivable
### validations
# Disabled. NOTE(review): the `:email => true` option makes Rails look up a class named
# EmailValidator, the same name the error at the end of the page reports as unknown.
#validates :email, :presence => true, :email => true
config/initializers/devise.rb содержит:
# Devise initializer: mailer, authentication keys and per-module settings.
# Many of these options can also be set directly in the model.
Devise.setup do |config|
  # NOTE(review): a literal secret key is kept in this file, even though it is commented out.
  # If this value was ever active, treat it as exposed and rotate it; load the key from
  # encrypted credentials or the environment instead of source.
  # config.secret_key = 'a49a0d923cf906a896ff86cc42273cd1cfb578a6f3123173f7631c51b0ed8eea6233a0fc832d1dc1ea733b6f1f5e31b25d4c8d670641a64af76dad8690f00bf2'

  # ==> Mailer configuration
  # Sender address used for Devise e-mails.
  config.mailer_sender = 'SIS@bfs.admin.ch'
  # Class that sends the e-mails, and the class it inherits from.
  config.mailer = 'Devise::Mailer'
  config.parent_mailer = 'ActionMailer::Base'

  # ==> ORM configuration
  require 'devise/orm/active_record'

  # ==> Configuration for any authentication mechanism
  # Sign-in is keyed on the virtual :login attribute (username or e-mail).
  config.authentication_keys = %i[login]
  # No extra request parameters take part in authentication.
  config.request_keys = []
  # NOTE(review): case folding and whitespace stripping are configured for :email only,
  # while sign-in uses :login. Confirm the login lookup normalises its input as intended.
  config.case_insensitive_keys = %i[email]
  config.strip_whitespace_keys = %i[email]
  # Users authenticated via HTTP auth are not stored in the session.
  config.skip_session_storage = %i[http_auth]

  # ==> Configuration for :database_authenticatable
  # Password hashing cost: 1 in the test environment (fast specs), 11 everywhere else.
  config.stretches =
    if Rails.env.test?
      1
    else
      11
    end
  # NOTE(review): both change notifications are switched off. They are a cheap way for an
  # account owner to notice an unexpected e-mail or password change; consider enabling them
  # given the stated requirement for stronger password and e-mail management.
  config.send_email_changed_notification = false
  config.send_password_change_notification = false

  # ==> Configuration for :confirmable
  # Confirmation tokens are accepted for one day.
  config.confirm_within = 1.day
  # E-mail changes must be confirmed the same way as the initial account confirmation.
  config.reconfirmable = true
  # Key used to look up the account being confirmed.
  config.confirmation_keys = %i[email]

  # ==> Configuration for :rememberable
  # Remember-me lasts one day.
  config.remember_for = 1.day
  # Remember-me tokens are not invalidated when the user signs out.
  config.expire_all_remember_me_on_sign_out = false

  # ==> Configuration for :validatable
  # Accepted password length.
  # NOTE(review): a six-character minimum is short for a hardening exercise; the complexity
  # rule in the devise-security initializer adds character classes, not length.
  config.password_length = 6..128
  # Format check for e-mail addresses: exactly one "@", no whitespace.
  config.email_regexp = /\A[^@\s]+@[^@\s]+\z/

  # ==> Configuration for :lockable
  # Lock the account after repeated failed sign-ins; unlock through an e-mailed link.
  config.lock_strategy = :failed_attempts
  config.unlock_keys = %i[email]
  config.unlock_strategy = :email
  # NOTE(review): three attempts is a tight threshold. It limits password guessing, but
  # unlocking then depends entirely on e-mail delivery; monitor lock events and make sure
  # support has a recovery path.
  config.maximum_attempts = 3
  # Warn the user on the last attempt before the account is locked.
  config.last_attempt_warning = true

  # ==> Configuration for :recoverable
  # Password-reset tokens are valid for six hours.
  config.reset_password_within = 6.hours
  # The user is signed in automatically once the password has been reset.
  config.sign_in_after_reset_password = true

  # ==> Configuration for :encryptable
  # config.encryptor = :sha512

  # ==> Scopes configuration
  # config.scoped_views = false
  # Default scope given to Warden.
  # config.default_scope = :user

  # ==> Navigation configuration
  # Sign-out must use the DELETE HTTP method.
  config.sign_out_via = :delete
end
config/initializers/devise-security.rb содержит:
# devise-security initializer: password expiry, complexity, history and e-mail validation.
Devise.setup do |config|
  # ==> Security extension

  # Password lifetime (e.g. 3.months).
  # NOTE(review): the User model shown on this page does not list :password_expirable, so
  # this setting presumably has no effect there. Confirm whether expiry is meant to be on.
  config.expire_password_after = 1.year

  # Each password needs at least one digit, one lowercase letter, one symbol and one
  # uppercase letter.
  config.password_complexity = {
    digit: 1,
    lower: 1,
    symbol: 1,
    upper: 1
  }

  # Number of previous passwords kept in the archive.
  config.password_archiving_count = 10

  # Reuse of old passwords (true, false, number_of_old_passwords_to_check):
  #   false - old passwords are allowed
  #   true  - every archived password is rejected
  #   3     - only the last 3 passwords are rejected
  config.deny_old_passwords = true

  # E-mail validation for :secure_validatable (true, false, validation_options).
  # Dependency: see https://github.com/devise-security/devise-security/blob/master/README.md#e-mail-validation
  # NOTE(review): the error at the end of the page ("EmailValidator" unknown) suggests that
  # enabling this makes the model declare an `email:` validation, which Rails resolves to a
  # class named EmailValidator. The email_address gem is used through
  # EmailAddress::ActiveRecordValidator instead, so nothing defines that class. Either add
  # the gem named in the README section above or disable this option and rely on the
  # model's own validates_with. Confirm against the installed devise-security version.
  config.email_validation = true
end
С тех пор как я добавил :secure_validatable, сервер Puma отказывается запускаться и выдаёт следующую ошибку:
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/activemodel-5.2.4.2/lib/active_model/validations/validates.rb:121:in `rescue in block in validates': Unknown validator: 'EmailValidator' (ArgumentError)
Что я упустил при настройке этой функции проверки? Спасибо за вашу помощь!